Single sign on for multiple asp.net sites

Discussion in 'ASP .Net' started by sudhaoncyberworld, Aug 22, 2007.

  1. Hi Techies

    I have general question more similar to single sign on of sharepoint
    site.

    I have two asp.net sites SiteA and SiteB with forms authentication
    enabled. Lets assume its available in same server. SiteA and SiteB
    users and credential informations are same.

    If UserA logged in SiteA using some credential, the same credential
    must be used to authenticate SiteB from client side. How we can
    acheive this?

    In another way, the SiteA will have links to SiteB, when I click the
    link I want to skip the login page of SiteB since I know the
    credentials for SiteB, I want to internally authenticate from SiteA.
    Is it possible?

    Any help would be appreciated much,
    Thanks
    Sudha
     
    sudhaoncyberworld, Aug 22, 2007
    #1
    1. Advertisements

  2. sudhaoncyberworld

    unitm

    Joined:
    Aug 22, 2007
    Messages:
    2
    Likes Received:
    0
    Location:
    Eagan, MN
    Putting the info into a querystring passed via URL, (response.redirect -- blah.aspx?moop=&moopa=) then after the querystring is caught, redirect so the user will not see the url with the querystring (on page_load -- if not request.querystring("moop") is nothing or not request.querystring("moopa") is nothing then -- do function, add values to viewstate or session on new site, response.redirect blah.aspx << clears querystrings). Still security problems with that, but you can also make a third party cookie to work across sites. Some spyware apps pick those up, however, and report as malware. Just a couple thoughts.
     
    unitm, Aug 22, 2007
    #2
    1. Advertisements

  3. sudhaoncyberworld

    Guest Guest

    Guest, Aug 22, 2007
    #3
  4. sudhaoncyberworld

    Guest Guest

    Hi Sudha,
    one way you can go if your applications are sitting on the same server is to
    modify directory structure. Create one virtual directory with two
    subdirectories (also virtual). Put your application into those sub
    directories and login page into top directory.
    Another more common way is described in Altair's post on Code Project as
    already Braulio mentioned. This technique can be used only if your
    application shares same subdomain.
    If your application do not share subdomain you have to implement third
    applicaton wich will log on users to your other applications. This is
    possible if you use cookiless authentication tickets and
    enableCrossAppRedirects set to true:
    <authentication mode="Forms">
    <forms cookieless="UseUri" enableCrossAppRedirects="true" ... />
    </authentication>

    Regards,
    Ladislav
     
    Guest, Aug 22, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.